mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-27 07:01:09 +00:00
37 lines
3.4 KiB
Markdown
37 lines
3.4 KiB
Markdown
# Kuiba Ufunuo wa Taarifa Nyeti kutoka kwenye Wavuti
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu udukuzi wa AWS kutoka sifuri hadi bingwa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|
|
|
|
Ikiwa wakati fulani unakutana na **ukurasa wa wavuti unaokupa taarifa nyeti kulingana na kikao chako**: Labda inaonyesha vidakuzi, au inachapisha au maelezo ya kadi za mkopo au taarifa nyeti nyingine yoyote, unaweza kujaribu kuiba.\
|
|
Hapa nakuonyesha njia kuu unazoweza kujaribu kufanikisha hilo:
|
|
|
|
* [**Kupita kizuizi cha CORS**](pentesting-web/cors-bypass.md): Ikiwa unaweza kupita kizuizi cha kichwa cha CORS, utaweza kuiba taarifa kwa kufanya ombi la Ajax kwa ukurasa mbaya.
|
|
* [**XSS**](pentesting-web/xss-cross-site-scripting/): Ikiwa unapata udhaifu wa XSS kwenye ukurasa, unaweza kutumia udhaifu huo kuiba taarifa.
|
|
* [**Danging Markup**](pentesting-web/dangling-markup-html-scriptless-injection/): Ikiwa huwezi kuingiza vitambulisho vya XSS, bado unaweza kuiba habari kwa kutumia vitambulisho vingine vya kawaida vya HTML.
|
|
* [**Clickjaking**](pentesting-web/clickjacking.md): Ikiwa hakuna ulinzi dhidi ya shambulio hili, unaweza kuwadanganya watumiaji wakutumie data nyeti (mfano [hapa](https://medium.com/bugbountywriteup/apache-example-servlet-leads-to-61a2720cac20)).
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze kuhusu udukuzi wa AWS kutoka sifuri hadi bingwa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako inatangazwa kwenye HackTricks** au **kupakua HackTricks kwa muundo wa PDF** Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks_live**](https://twitter.com/hacktricks_live)**.**
|
|
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwenye** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|